import psycopg

# Demonstration: a hostile string reaches an INSERT, but only as a bound
# parameter, never as part of the SQL text.
with psycopg.connect("dbname=examdb user=dbo") as conn:
	with conn.cursor() as cur:
		# The statement holds placeholders only; no caller data is spliced in.
		insert_sql = """
		INSERT INTO test_tbl1 (sn, name) VALUES (%s, %s) 
		"""

		serial_no = 1001
		# What a well-behaved caller would supply (unused below, kept for contrast).
		benign_name = f"test-{serial_no}"

		# Stand-in for untrusted input that tries to close the VALUES list and
		# append a second statement.
		hostile_name = "'); DELETE FROM test_tbl1; SELECT ('"

		# Unsafe variant, shown for contrast only. Do not enable:
		#     insert_sql = insert_sql % (serial_no, hostile_name)
		# Python string formatting would paste the value into the statement
		# text, so the database would parse attacker-chosen characters as SQL.
		#
		# Safe variant: the values travel in a separate tuple and the driver
		# binds them as data. Placeholders cover values only; table or column
		# names that vary must be composed with psycopg.sql, not with "%s".
		params = (serial_no, hostile_name)
		cur.execute(insert_sql, params)

		# Prints the template itself; the placeholders are still there because
		# nothing was interpolated into the string.
		print(insert_sql)

	# Explicit commit after the cursor is closed. psycopg 3's connection
	# context manager also commits on a clean exit, so this is belt and braces.
	conn.commit()
